This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Start a conversation

Discover LIVEcommunity Through Our New Animated Explainer Video!

We’re thrilled to unveil a brand-new animated video that highlights everything LIVEcommunity has to offer! This short and engaging video gives you a quick tour of the many resources available in our vibrant community — from interactive discussions and customer journey guides to the Cyber Elite program and Member Spotlight features. Whether ...

kiwi_0-1745308399217.png
kiwi by Community Team Member
  • 4239 Views
  • 0 replies
  • 0 Likes

Port Forwarding Without NAT

So, I have a very interesting network. I have a media server that is on a separate VLAN. There is no way for me to statically configure the client(s) with a static IP (they just search for the server). It uses tcp/32400. Basically, my host will show as coming from a different zone than where my media server is. So, I need to forward any tcp...

Resolved! NAT exclude

Hi,is it possible to make exceptions/exclusions for a NAT rule? Think of this scenario:small PA-200 setuponly one external/public IP addressthat IP address is used for a lot of incoming NATthe NAT rule basically forwards everything from the external IP to an internal hostnow I also want to enable GlobalProtect and incoming VPN connections on the...

Best practice for demo PAN in Tap mode

Hi,I have to demo PAN in 3 Legs firewall compose Internet, DMZ and Internal zones. so I have some question regarding to this.1. What mode on mirror I should config on the firewall, TX or RX or TX and RX ?2. Should I configure virtual system for each tap interface and why?

Report creating Question

Hi,I'm quite new to PAN firewalls, and I find the ACC page to be very informative and can usually find all the info I need from there.However, I've just had the IT manager request (and omg hes not a happy camper at me) a report of the usage of our internet as we just received an email stating we had gone over our limit for the month, which is st...

Monitoring site-to-site IPsec tunnel bandwidth via SNMP?

Do the tunnel interfaces that get created as part of building a Site-to-Site IPSec tunnel show up via SNMP interface polling? That would be awesome if we could monitor tunnel bandwidth by walking the device and monitoring the ifInOctets and ifOutOctets for the tunnel interfaces themselves.

Resolved! User-ID Management Setting

In the device management settings there is now a "User-ID" checkbox. I have looked at the administrators guide but it doesn't mention it, presumably because it is fairly new.What does this actually control, because the user-id agent on the box works fine without that checked (or seems to). Other options such as SSH, ping etc are obviously mana...

djr by L4 Transporter
  • 4402 Views
  • 5 replies
  • 0 Likes

Global Protect Architecture

Guys ,Need some guidance here . One of our client with an MPLS network wants to build a GP network . They are looking at buying a portal for a PA 5050 and have GP gateway licenses for each local box . The issue is the local boxes wre on different networks . All the users will hit the portal and the portal will now send them to their local gatewa...

usvi by L3 Networker
  • 2973 Views
  • 3 replies
  • 0 Likes

Resolved! Debug Flow Basic in PAN-OS 5.0.4 (PA 2050)

I have been having problems with running Debug Flow Basic since upgrading from PAN-OS version 4.1.6 to 5.0.4.I am using the following commands to setup my debug:debug dataplane packet-diag set log feature flow basicdebug dataplane packet-diag set capture on(I have not applied a capture filter as this is our test PA so very little traffic being p...

debsPal0 by Not applicable
  • 3781 Views
  • 2 replies
  • 0 Likes

Resolved! I don't know how to set zone protection

Hi~I have a question,,We know that,,,Paloalto appliance is not primary dos soultionso one support some dos feature (TCP Flood, UDP Flood, ICMP 0 Packet someting like that etc,,)I had poc from customer siteI set zone protection between Tap Zone and Tap zonecustomer asked me;;why is palaalto do not represent about source ip and dst ip,,,also I don...

Resolved! DHCPv6 relay - "interface is not on"?

Hi.I'm trying to configure DHCPv6 relay for a few interfaces. One of the interfaces works perfectly, but three others doesn't work at all.On the interface where the relay is working I can see the traffic flow in the traffic log, but on the interfaces where it doesn't work I see nothing at all in the log. I log all dropped packages.I ran a packet...

flic by L0 Member
  • 3358 Views
  • 2 replies
  • 0 Likes

Huge data transfers between remote DC and PAN Agent

Hi Team, We have had issue with huge data transfers between PAN agent and remote DC's We have observed lot of data activity between the PAN Agent and other Domain Controller servers on the WAN. For instance, in the last one hour our Router accounting, and WAN Graphs, has shown 830 Mb of file access from one of ourremote DC, which is connected vi...

ta185020 by Not applicable
  • 9500 Views
  • 9 replies
  • 1 Likes

Interface L2

Hi guys i have a doubt about L2 Interface!Palo Alto check triple hand shake when interfaces are on L2 ?Because i have some troubles with asymetric environment and i`m planning deploy on L2.Regards!

Thiago by L3 Networker
  • 2463 Views
  • 1 replies
  • 0 Likes

REST API and HA

If I use the REST API to pass user ID mappings from my RADIUS servers into the firewalls, what should I do when they are in an HA pair?Because I don't necessarily know which with be the active one, should I just write to one and if that fails, swap to the other (will work if they pass user info between them) or do I have to write all updates to ...

djr by L4 Transporter
  • 4117 Views
  • 2 replies
  • 0 Likes
  • 24358 Posts
  • 124 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
Labels
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks